General
-
Target
4C58336AAA28C4CC966940F6C482D1FB.exe
-
Size
450KB
-
Sample
210622-g5pn9s4mta
-
MD5
4c58336aaa28c4cc966940f6c482d1fb
-
SHA1
28b49ac264ffc42ab967954e3ca4a96c52c3329e
-
SHA256
a070e626348cff81c78f7f55a2802dfb4de6aa425fe2d1683ec527237865fcaf
-
SHA512
b1c48e6d07160ef44e84dce4666d63ab797aea99befb3a6468ea42bae1966dd38ff30829108f0fb796e78dc91c35c2aaa21459a5aa01369ef311d19b7e99bb96
Static task
static1
Behavioral task
behavioral1
Sample
4C58336AAA28C4CC966940F6C482D1FB.exe
Resource
win7v20210410
Malware Config
Extracted
asyncrat
0.5.7B
jeazerlog.duckdns.org:6606
jeazerlog.duckdns.org:7707
jeazerlog.duckdns.org:8808
AsyncMutex_6SI8OkPnk
-
aes_key
YGrbOsxKn7SFWDJcMblkdm9RcvAs20hL
-
anti_detection
false
-
autorun
false
-
bdos
false
-
delay
beta
-
host
jeazerlog.duckdns.org
-
hwid
3
-
install_file
-
install_folder
%AppData%
-
mutex
AsyncMutex_6SI8OkPnk
-
pastebin_config
null
-
port
6606,7707,8808
-
version
0.5.7B
Targets
-
-
Target
4C58336AAA28C4CC966940F6C482D1FB.exe
-
Size
450KB
-
MD5
4c58336aaa28c4cc966940f6c482d1fb
-
SHA1
28b49ac264ffc42ab967954e3ca4a96c52c3329e
-
SHA256
a070e626348cff81c78f7f55a2802dfb4de6aa425fe2d1683ec527237865fcaf
-
SHA512
b1c48e6d07160ef44e84dce4666d63ab797aea99befb3a6468ea42bae1966dd38ff30829108f0fb796e78dc91c35c2aaa21459a5aa01369ef311d19b7e99bb96
Score
10/10
-
Async RAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-